Weblog entry #1 for arothe
syslog.conf
Posted by arothe on Sun 10 Aug 2008 at 12:47
My syslogd doesn't log the firewall messages into the right file. Iptables logs with debug level (7) and I have configured:

kern.*;kern.!=debug -/var/log/kern.log
kern.debug -/var/log/iptables.log

But both files are empty; I can only read the log entries with dmesg. What's wrong?
Comments on this Entry
Posted by Anonymous (195.22.xx.xx) on Sun 10 Aug 2008 at 17:40
Are you sure about "debug" level? See this:
http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html
Posted by Anonymous (84.185.xx.xx) on Sun 10 Aug 2008 at 22:55
I'm sure. But I think that's not the point. I have executed syslogd in debug mode, so I can see:

0: X X X X FF X X X X X FF X X X X X X X X X X X X X X FILE: /var/log/auth.log
1: FF FF FF FF X FF FF FF FF FF X FF FF FF FF FF FF FF FF FF FF FF FF FF FF FILE: /var/log/syslog
2: X X X FF X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/daemon.log
3: FF X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/kern.log
4: X X X X X X FF X X X X X X X X X X X X X X X X X X FILE: /var/log/lpr.log
5: X X FF X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/mail.log
6: X FF X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/user.log
7: X X X X X X X X FF X X X X X X X X X X X X X X X X FILE: /var/log/uucp.log
8: X X 7F X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/mail.info
9: X X 1F X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/mail.warn
10: X X F X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/mail.err
11: X X X X X X X 7 X X X X X X X X X X X X X X X X X FILE: /var/log/news/news.crit
12: X X X X X X X F X X X X X X X X X X X X X X X X X FILE: /var/log/news/news.err
13: X X X X X X X 3F X X X X X X X X X X X X X X X X X FILE: /var/log/news/news.notice
14: 80 80 X 80 X 80 80 X 80 80 X 80 80 80 80 80 80 80 80 80 80 80 80 80 80 FILE: /var/log/debug
15: 70 70 X X X 70 70 X 70 X X 70 70 70 70 70 70 70 70 70 70 70 70 70 70 FILE: /var/log/messages
16: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 WALL:
17: F0 F0 FF FF F0 F0 F0 FF F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 PIPE: |/dev/xconsole
18: FF X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/iptables.log

All files from /etc/syslog.conf are "online", but only /var/log/debug and /var/log/messages are filled. The syslogd process prints messages like:

Select interrupted.
Calling select, active file descriptors (max 3): 3

It seems the process writes only into a few files and not into all which are specified for the facility. I have also tested it with logger; it doesn't generate kernel messages, all kern.debug are logged as user.debug (?). The iptables rule is

iptables -A INPUT -m limit --limit 15/minute -j LOG --log-level debug --log-prefix "Dropped by firewall: "

It is the last rule; the chain has a policy DROP to reject all packets which pass this last rule. I have also replaced the term "debug" with "7" - no effect. Hm, and now?
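As an added example (not code from this thread, from sysklogd or from the posters), the following Python models how a sysklogd-style /etc/syslog.conf selector is folded into the per-facility priority bitmask that the "syslogd -d" table above prints. The sample config is constructed from the two rules in the question plus Debian's stock rule for /var/log/debug; the selector rules it assumes (pri = that priority and more severe, =pri exact, !pri and !=pri as their negations, none, and * for all) are those of syslog.conf(5). route() shows which targets a kern/debug message from the LOG rule should reach under those rules, and parse_dump_row() reads a pasted row of the debug table back into facility and priority names so it can be compared with what the config was meant to produce.

```python
"""Model of sysklogd-style /etc/syslog.conf selectors (added example).

Assumed selector rules, after syslog.conf(5):
  fac.pri    log pri and everything more severe     fac.=pri   exactly pri
  fac.!pri   drop pri and everything more severe    fac.!=pri  drop exactly pri
  fac.none   nothing from fac; '*' as facility or priority means all
Each target keeps one bitmask per facility (bit n set = priority n is
written); that is the table 'syslogd -d' prints, 0 shown as X, 255 as FF.
"""
import re

PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
# syslog(3) facility numbers; they are also the column order of the -d table.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11}
FACILITIES.update({"local%d" % n: 16 + n for n in range(8)})
NCOLUMNS = 25          # sysklogd prints facility columns 0..24
ALLPRI = 0xFF


def priority_number(name):
    """'debug' -> 7 and '7' -> 7 (iptables --log-level accepts either form)."""
    name = PRI_ALIASES.get(name, name)
    return int(name) if name.isdigit() else PRIORITIES.index(name)


def apply_selector(selector, mask=None):
    """Fold a selector list such as 'kern.*;kern.!=debug' into a mask."""
    mask = list(mask) if mask is not None else [0] * NCOLUMNS
    for part in selector.split(";"):
        facs, _, pri = part.rpartition(".")
        ignore = pri.startswith("!")
        if ignore:
            pri = pri[1:]
        single = pri.startswith("=")
        if single:
            pri = pri[1:]
        cols = range(NCOLUMNS) if facs == "*" else [FACILITIES[f] for f in facs.split(",")]
        for c in cols:
            if pri == "none":
                mask[c] = ALLPRI if ignore else 0
            elif pri == "*":
                mask[c] = 0 if ignore else ALLPRI
            else:
                p = priority_number(pri)
                bits = (1 << p) if single else (1 << (p + 1)) - 1
                mask[c] = (mask[c] & ~bits) if ignore else (mask[c] | bits)
    return mask


def parse_config(text):
    """[(mask, target)] for each rule line; assumes one rule per line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, target = line.split(None, 1)
        # A leading '-' only means "no fsync after each write"; it is not part of the path.
        entries.append((apply_selector(selector), target.lstrip("-").strip()))
    return entries


def format_row(mask):
    """Render a mask the way 'syslogd -d' does."""
    return " ".join(" X" if m == 0 else "%2X" % m for m in mask)


def parse_dump_row(row):
    """Parse one pasted row of the 'syslogd -d' table back into (mask, target)."""
    m = re.match(r"\s*\d+:\s+((?:(?:X|[0-9A-F]{1,2})\s+)+)(\S+:)\s*(.*)$", row)
    if m is None:
        raise ValueError("not a syslogd -d table row: %r" % row)
    mask = [0 if cell == "X" else int(cell, 16) for cell in m.group(1).split()]
    return mask, m.group(3).strip()


def describe(mask):
    """{facility: [priority names written]} for the non-empty columns."""
    by_number = {n: f for f, n in FACILITIES.items()}
    return {by_number[c]: [p for n, p in enumerate(PRIORITIES) if m & (1 << n)]
            for c, m in enumerate(mask) if m and c in by_number}


def route(entries, facility, priority):
    """Targets that receive a message of the given facility and priority."""
    bit = 1 << priority_number(priority)
    return [target for mask, target in entries if mask[FACILITIES[facility]] & bit]


# Constructed sample config: the two rules from the question plus the Debian
# default rule for /var/log/debug (it corresponds to row 14 of the pasted table).
SAMPLE_CONF = """\
kern.*;kern.!=debug                              -/var/log/kern.log
kern.debug                                       -/var/log/iptables.log
*.=debug;auth,authpriv.none;news.none;mail.none  -/var/log/debug
"""
ENTRIES = parse_config(SAMPLE_CONF)
# Row 3 of the table pasted in the thread, for comparison with the first rule.
DUMP_ROW_3 = "3: FF X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/kern.log"

if __name__ == "__main__":
    for mask, target in ENTRIES:
        print(format_row(mask), "FILE:", target)
    print("kern.debug   ->", route(ENTRIES, "kern", "debug"))
    print("kern.warning ->", route(ENTRIES, "kern", "warning"))
    dump_mask, dump_target = parse_dump_row(DUMP_ROW_3)
    print("pasted row 3:", dump_target, describe(dump_mask))
    print("from kern.*;kern.!=debug:", describe(ENTRIES[0][0]))
```

Under these rules a debug-level LOG message (facility kern, priority 7) is excluded from /var/log/kern.log by kern.!=debug and matches both kern.debug and *.=debug, so the two files that should receive it are /var/log/iptables.log and /var/log/debug; printing the masks next to the pasted table makes it easy to see whether the running syslogd read each selector as written.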
I use ulogd to log my firewall (shorewall) with regular syslog. I couldn't find a better way to do it.
http://www.netfilter.org/projects/ulogd/index.html
http://www.shorewall.net/shorewall_logging.html
I use it on all systems I'm in charge of, no matter what fw. It's simple, easy to install, has multiple backends and runs well with logwatch.
Toby